Monday, June 28

You mean I do have a right to an attorney?

The Supremes have decided that US citizens have the right to due process when detained as Enemy Combatants by the US Military, even if they are being sequestered on the Moon or Guantanamo Bay Naval Station. And federal courts have jurisdiction to consider habeas corpus petitions. I feel better now that Justice O'Connor, in writing the opinion for the 6-3 majority, has reminded those of us who had forgotten:


...a state of war is not a blank check for the President when it comes to the rights of the Nation’s citizens.


She also says:

[Hamdi] unquestionably has the right to access to counsel in connection with the proceedings on remand.


It's not clear that you have these rights if you had somehow turned your shoes into a bomb, but one thing at a time.

Thursday, June 24

Oh, that's different!

Yesterday I complained about a hopeless situation where Blogger, my Webhost (Charter) and some browsers (read: Mozilla) interacted to result in some of Recondite's readership not being able to post comments.


Turns out the fix was simple: Blogger stores permalink files with the same extension as archive files. I told Blogger to archive into "archive.html" (I let it pick its own name before) and after reposting every stinking article, comment links work.


Try it and see. And comment!



Wednesday, June 23

End of an Error

Believe it or don't — COMDEX Las Vegas 2004 has been cancelled. It was Yogi Berra who said (about a NYC eatery): "Nobody goes there anymore; it's too crowded."

Two wrongs don't make a compliant browser

Recondite readers who use standards-compliant browsers rather than, say, IE, may notice that this blog's permalinks and comment tags (at the bottom of every post) don't do the right thing when you click on them. Rather than seeing a formatted page of HTML, you see a page of text containing, well, HTML. This is because, as Eric Rescorla points out, this blog's web server offers those pages as Content-Type: text/plain rather than text/html. Don't blame your faithful correspondent.


To format this blog, I use Blogger. For the webserver, my ISP, Charter provides. Blogger writes permalink (and comment) pages as files named as it chooses, without an extension. Charter runs Apache, apparently configured to serve extension-less files (as opposed to files with the extension .html) as text/plain. The server is also apparently configured to ignore .htaccess files in my directory as well (not that this is unreasonable), so I can't change anything. So the wrong thing happens, unless of course, your browser does the wrong thing itself. Get it?


So run IE. Or don't. But don't blame me.


Update 6/24: I just got a response from Blogger technical support with a suggested fix for my configuration. We'll see if this works. If it does, perhaps we should title this post Oh, that's different! Nevermind....
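One way to find the affected pages on a host like this, as an added example (not Blogger's or Charter's code): it flags files whose body is HTML but whose name gives an extension-mapping server nothing to go on. The `text/plain` fallback is the behaviour inferred in the post; the file names and contents are constructed.

```python
import mimetypes
import os

DEFAULT_TYPE = "text/plain"  # assumption: the server's fallback, as inferred in the post


def served_type(filename, default_type=DEFAULT_TYPE):
    """Type an extension-mapping server would send: known extension, else the fallback."""
    guessed, _encoding = mimetypes.guess_type(filename)
    return guessed or default_type


def looks_like_html(path, probe=512):
    """Crude content check on the first bytes, in the spirit of a sniffing browser."""
    with open(path, "rb") as fh:
        head = fh.read(probe).lstrip().lower()
    return head.startswith((b"<!doctype html", b"<html"))


def audit(docroot):
    """Return (relative path, served type) for HTML bodies not labelled text/html."""
    findings = []
    for base, _dirs, files in os.walk(docroot):
        for name in sorted(files):
            path = os.path.join(base, name)
            ctype = served_type(name)
            if looks_like_html(path) and ctype != "text/html":
                findings.append((os.path.relpath(path, docroot), ctype))
    return findings


def build_sample_docroot(root):
    """Constructed sample: an extension-less permalink page, an archive, a text file."""
    samples = {
        "108801234567890123": b"<html><body>permalink page</body></html>",
        "archive.html": b"<html><body>archive page</body></html>",
        "notes.txt": b"plain notes, no markup",
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_docroot(tmp)
        for rel, ctype in audit(tmp):
            print(f"{rel}: HTML body would be served as {ctype}")
```

A browser that honours the header shows each flagged file as source text. A browser that sniffs content renders it anyway, which is why the problem is invisible from IE.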

Tuesday, June 22

Shall I cough on you, George?

On my XP machines, I run Norton AntiVirus 2003 and hope not to be bothered. In addition, I manually run Ad-aware because of Symantec's stance regarding trojans and spyware (they're not viruses, hence Norton doesn't bother to protect against them).[1]


Well, this apparently wasn't enough. For the past two days, I've had various horrible symptoms: home page hijacks, toolbar reconfigurations, popups when no browser is running and other irritating things as well. I update Norton and scan: nothing. Update Ad-aware, and get all sorts of malware detected, which Ad-aware removes. But the symptoms reappear some time later.


I check the websites that the pop-ups and hijack destinations reference, nothing interesting and googling them yields nothing either. Trend Micro's HouseCall ActiveX-based malware scanner doesn't run at all — IE crashes.


Without any clues other than the fact that HouseCall won't run (suspicious in itself) I download the trial version of Trend Micro's stand-alone antivirus product, PC-cillin. Interestingly, the installer refuses to run unless Norton is uninstalled! After some thrashing around, I decide to uninstall Norton and install PC-cillin. After installing and updating PC-cillin I get to run it. Immediately, it finds TROJ_AGENT.AC and JAVA_BYTEVER.A.[2] Problem solved.


This experience doesn't give me a whole lot of faith in Norton. I do get a giggle, though, from the thought of a silent war for disk space between software trial versions.


[1] This policy was changed in the 2004 version.


[2] Turns out what my PC had was the CoolWebSearch hijack trojan which uses the ByteVerify exploit in the MS Java VM and is notoriously difficult to get rid of.

Take that, NYT!

I probably have written no more than five letters-to-the-editor in my life. Today's NYT op-ed on the flight of SpaceShipOne provoked me to write. Since they doubtless won't print it and since you'd have to register to read it (or the editorial, for that matter) I'll reprint it here. The gist of their piece was: who cares?

To the Editor:



Re "To the Fringes of Space" (editorial, June 23)



Hmm. Perhaps this would be a good time to rerun another Times editorial, "A Severe Strain on Credulity" published 13 January, 1920. In this, one of your predecessors, also apparently an expert on space travel, points out that Professor Goddard's invention could not possibly work since rockets "...need to have something better than a vacuum against which to react."



Given that the Times changed its opinion on Goddard's work in mid-1969, should I be watching these pages for a retraction around 2053 or so?



Allan M. Schiffman

Lake Tahoe, Nevada

Sunday, June 20

Do Not Press This Button

I finally got a comment on a blog posting, catapulting Recondite into the glorious realm of interactive multimedia! Naturally enough, I immediately decided to investigate Blogger's comment-handling features.


Clicking on the "1 Comment" tag below the post brought me to a new page with the lovely and fascinating comment by my old buddy Frank J. At the bottom of this comment was a tiny little squarish glyph that I couldn't quite make out. Naturally enough again, I clicked on the glyph.


Apparently, one of Blogger's comment-handling features is deleting them. Sorry about that.

Another deliberate misquotation

As I have admitted before, I am addicted to epigrams. I sometimes say something like "every failure arises from an excess of one's own first principle."

The correct quote, from Lord Acton, is actually:
Every institution finally perishes by an excess of its own first principle.

Tuesday, June 15

Notes towards Memoirs of a Bit Player

Everyone, they say, has a book in them. I daydream about mine, which would be about the interesting and semi-famous Silicon Valley people I have known (even if they're from elsewhere). In my daydream, each chapter has an anecdote about somebody who is either now or once was well-known, or at least should have been. The catch is, I would have had to be present at (preferably a participant in) the occasion that the anecdote describes.

I can immediately think of several anecdotes that meet the criteria, which is encouraging. But every time I think long enough, I realize that I can't even come up with ten such occasions. This is discouraging. But that's enough to make plenty of grist for this blog, right?

Before I tell you the story, remind me next time to tell you about the time I saw HIC in an Italian suit and Henry Baker explained why. But not now. For this chapter, which we could call Oh, Shit, the date is May 1981. Gather around, children.

In those days, the moral equivalent of COMDEX was NCC, the annual National Computer Conference, which was sponsored by AFIPS (you probably haven't heard of them either). At its height there may have been 100,000 attendees, enormous for the industry then. All the important computer industry announcements were made there and there was a refereed conference proceedings published. People would do anything to get booth space on the main floor rather than in one of the offsite tents. Space was a more-or-less fixed price per square foot, but location priorities were assigned by attendance seniority.

The conference that year was in Chicago, at whatever passed for a convention center then. There were always rumors about who was going to announce what cool product. I was interested in a lot of things rumored, like Digital's successor to the KL-10, the Jupiter. DEC didn't announce it then, and in fact announced Jupiter's cancellation two years later, breaking my heart and the hearts of many others.

But what I was most excited about was the impending announcement of the Xerox Star workstation.

I worked at Fairchild Lab for AI Research then (a.k.a. Fairchild AI Lab, with the more telling acronym) — a pretty cool place to be and within stone-throwing range of Xerox PARC. Not that we would have thrown any — the gods lived there, as on Olympus: Thacker, Lampson, Taylor, Kay and the rest. (Note who the rest included! Deutsch, Sproull, Teitelman, Ingalls, Bobrow, Simonyi, Metcalfe, Warnock, Tesler...)

I knew about the wonders they had produced: bit-mapped graphics, Ethernet, the mouse, gui w/ overlapping windows, laser printers, Smalltalk, Interlisp, Press and on and on. But. You. Couldn't. Have. Any. Of. It.

So here I am, in Chicago, wearing suit-and-tie (1981, remember), standing shoulder-to-shoulder geek-to-geek in Xerox's booth, about to see the first-ever public demo of the Star workstation. Apparently, some new Prometheus had gone to PARC, spirited away their secrets to SDD in El Segundo, and was now making it possible for mortals to obtain these wonders. Even to just see them might be enough.

I'm standing there, getting the demo of my life. On tiptoe, peering over the heads in front of me I see, for my first time, not only the mouse, but the desktop metaphor. Not only bitmaps, but WYSIWYG. Not just networking, but file servers. There's only one thing spoiling my perfect reverie. The guy standing to my left, his shoulder pressing into mine.

This guy just won't shut up! I mean, the Xerox demo guy (who is very good) is talking and the guy on my left keeps talking too, sotto voce, no, louder than that. Oh, shit. Fuck me. Shit. Holy Shit. Oh, Fuck. Fuck, fuck, fuck, shit, fuck shit. Oh shit. He just won't stop.

I've had about all of this I can take. I tear my eyes away from the demo in front, swivel my head to the left and get ready to tell this jerk to shut up. It's Steve Jobs.

Blogger Ethics

I just went back and added some clarifying material in one earlier post and added an informational update in another. The latter is clearly marked as an update, including when it was done; the former is just changed without showing what was changed.


I feel ashamed.


Sunday, June 13

The Agony and the Parody

In April I went on a two-week package tour of Northern India (Uttaranchal) with sixteen Singaporeans. Not my first experience with India. Not my first experience with package tours. Not even my first experience with package tours in India.

Nor was it my first time with Singaporeans; long ago I lived in Singapore for a few years as an exchange student and itinerant computer programmer. OK. So I have no one to blame but myself.


The Singaporean self-image is greedy and cheap, summed up by their word for themselves: "kia su" — afraid to lose. The April tour was one of the worst experiences of my life, but it was inspiring.


The following song, which I wrote, which was written by me, that I wrote, by myself as it were, being the one who wrote it you see, [that clear enough, Eric?] contains Singaporean patois and is sung to the tune of The Bangles' Walk Like an Egyptian.



All the statues in Tiger Balm Park
They look real weird can't you see
You stay there your side (oh ai yo)
How come you are so kay po chee

All the towkay boys at the stores
They want to know: are you gonna buy
Why no discount (oh ai yo)
They kick you out but you don't know why

Private cops at the tourist shops go
Ai yo ai yo, ai yo ai yo
Tour like Singaporeans

At the buffet they go first
Then they go back, take some more
They're scared to lose (oh ai yo)
You get in front then they get sore

Get on the bus, chope the best seats
Stay out of the back of the van
Keep it all for me (oh ai yo)
We're touring like Singaporeans

All the kids milling in the malls go
Ai yo ai yo, ai yo ai yo
Tour like Singaporeans

[whistle]

Best one is under the stack
Get your share, go on attack
Stuff's much too kwee (oh ai yo)
So try to get your money back

If you wanna find all the cabs
They're eating laksa in the stalls
They so kiasu (oh ai yo)
Can or not give more they will call

All the memsahibs with their men
They never heard about ASEAN
And the nonyas know (oh ai yo)
They tour around like Singaporeans

All the cabs eating chili crab cry
Ai yo ai yo, ai yo ai yo
Tour like Singaporeans
Tour like Singaporeans


Uttaranchal wasn't any picnic either. Note to Indians: stop burning everything!

Saturday, June 12

I knew he was wrong

More about Ephemeral VM Environments and EKR's criticism of same. They are so not sandboxes since EVMEs don't prevent "unsafe" actions (hence crashing the suspected program). Rather, they allow suspects to do their worst and attempt to make the side-effects harmless.


This distinction makes for, I believe, a much simpler user-interface, system design and security policy. So I still claim the idea is new and potentially useful.


Update 6/15/04: I saw EKR today and he made several concessions, one amendment, and, finally, a major endorsement of the idea. Summarizing his points:


  • A concession: EVMEs are something that might be quite useful in the Internet Cafe scenario.

  • Another: There are situations similar to the Internet Cafe scenario, such as a guest using your home computer, where EVMEs would be useful.

  • Yet Another: EVMEs might be useful to run email attachments in.

  • The amendment: This idea isn't Sandboxing, really. This is Jailing, which is a different term of art.

  • The endorsement: he thought of this himself a year ago.


If you know EKR, you realize that the last is an endorsement indeed.

That's one small step against spam

I know you've been asking:
How can I put my email address on my web page or blog without the address being harvested by spammers?

Well, friend, there is an answer — use Automatic's Enkoder Form to create a block of Javascript that obscurifies your email address. Paste the result into your web page and you're safe until the harvesters solve the halting problem.

Friday, June 11

Back to the Drawing Board?

In a private message to me, Eric Rescorla dumps on my Ephemeral VM Environments idea on several grounds:

  1. It's been thought of — it's called Application Sandboxing. See Janus.
  2. The import and export of user data is the whole problem and can't be glossed for naive users.
  3. One's PC accumulating malware isn't a big deal, compromised data is.


Well, I knew about sandboxing, but didn't know people applied it post-facto to existing programs in existing environments. All of the work seems to be for Unixes.


And I agree that the import and export of data is a big deal, but I think he's making more of it than he should. Imagine, for example, a PC in an Internet Cafe. The proprietors basically don't want users' data surviving a session. This seems to be a very natural way to surf the web: I want freedom to visit any website, and when I'm done I want it to be as if I never went there at all.


As to malware not being a real problem for people except for the data it compromises...I think this may be explained by the computer sophistication of the people he is in contact with. As for me, (almost) all of my friends and relatives are naive users and all of them have had problems with malware that I have helped them with.

Wednesday, June 9

Mean and Stupid

Ketchup as a vegetable. Trees cause pollution. Funding for Central American death squads. Stingers for the Mujahideen. Nerve gas precursors for Saddam. Hawk missiles for Khomeini. Ollie North. James Watt. William Casey. Ed Meese. Ignoring "the gay disease". "Trickle Down". "We start bombing in five minutes". Deficits as far as the eye can see.



Christopher Hitchens is willing to speak ill of the dead and so am I.



The panegyrics make me gag. That my country was saddled with his presidency for so long makes me think of history as an evil conspiracy.

Tuesday, June 8

Disposable, Hence Safe Computing

In my last posting I noted that there were some problems with the proposal to deploy and then destroy a new computer every time you use one. So, OK, I didn't really mean a physical computer, I meant a virtual one.



For the sake of concreteness, let's assume you use a Windows XP computer. So, every time you fired-up Explorer or Outlook (for example), these programs would run inside a virtual machine environment that would run Windows XP as a guest OS. The system would have pre-arranged a copy-on-write clone of the standard file systems, without your personal files.



When the program you're running exits, the VM environment notes whatever files were created and offers to save the ones that were appropriate for the tasks you did (but not without scanning them first). To do this well would require having a model of the operations of popular programs.



Actually, there should be a mechanism to import personal files when the system starts up — cookies for Explorer and account configuration stuff for Outlook in the scenario described here. Again, models of the programs that are to be run would be helpful.



A firewall mechanism on the VM's network access needs to be provided to block access that is potentially dangerous to the user's network environment. For simple uses, that means any network access not on the public Internet.



OK, so there's the idea. Now what?
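A small model of the session lifecycle described in this post, as an added example rather than a design from the original: a copy-on-write overlay over a shared base image, an exit step that offers only expected and scanned files for saving, and the egress rule. The class and function names, file paths and the MZ-header scanner are all hypothetical stand-ins, and the sample data is constructed.

```python
import ipaddress


class EphemeralSession:
    """One disposable session: reads fall through to a shared base image,
    writes land in a private overlay that is thrown away at exit."""

    def __init__(self, base, imports=None):
        self._base = base                    # shared image; this class never writes it
        self._overlay = dict(imports or {})  # imported personal files (e.g. cookies)
        self._imported = dict(self._overlay)

    def read(self, path):
        if path in self._overlay:
            return self._overlay[path]
        return self._base[path]

    def write(self, path, data):
        self._overlay[path] = data           # copy-on-write: the base stays untouched

    def side_effects(self):
        """Files the guest created or changed, relative to what it started with."""
        created, modified = [], []
        for path, data in sorted(self._overlay.items()):
            before = self._imported.get(path, self._base.get(path))
            if before is None:
                created.append(path)
            elif before != data:
                modified.append(path)
        return created, modified

    def offer_to_save(self, save_prefixes, scan):
        """Offer only new files in locations the program model expects, and only
        if the scanner passes them. Everything else dies with the session."""
        created, _modified = self.side_effects()
        return [p for p in created
                if p.startswith(save_prefixes) and scan(self._overlay[p])]


def egress_allowed(dest_ip):
    """Firewall rule from the post: permit only public-Internet destinations."""
    return ipaddress.ip_address(dest_ip).is_global


def stand_in_scan(data):
    """Placeholder for a real scanner: rejects Windows executables (MZ header)."""
    return not data.startswith(b"MZ")


def demo():
    base = {"windows/hosts": b"127.0.0.1 localhost\n",
            "windows/iexplore.exe": b"MZ browser"}            # constructed image
    s = EphemeralSession(base, imports={"profile/cookies.txt": b"sid=1"})
    s.write("windows/hosts", b"127.0.0.1 localhost\n203.0.113.9 search\n")  # hijack
    s.write("windows/toolbar.dll", b"MZ toolbar")              # dropped component
    s.write("downloads/report.pdf", b"%PDF-1.4 constructed")
    s.write("downloads/setup.exe", b"MZ installer")
    created, modified = s.side_effects()
    offered = s.offer_to_save(("downloads/",), stand_in_scan)
    return base, created, modified, offered


if __name__ == "__main__":
    print(demo()[1:], egress_allowed("192.168.1.1"), egress_allowed("8.8.8.8"))
```

The hosts-file change and the dropped DLL show up as side effects but are never offered for saving, and the shared base image is byte-for-byte what it was before the session.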

Sunday, June 6

Say Hello to the Nice Mad Scientist, Dear

In my previous post I named three ideas I had recently which I admitted might not be original or even practical.



Taking these in no particular order, I'll describe tonight the invention I call Safe Computing with Ephemeral VM Environments.



As background we note that there are all sorts of computing hazards online — viruses, worms, trojans, and whachamacallits that we don't care to distinguish between for the purposes of this discussion. Users can't be expected to fend-off all these attacks by running virus checkers and spyware scanners and firewalls and patching their OS and updating the checkers and scanners and spraying the motherboard with Lysol. If people don't do these things, however, they may find that their computers become unusable or weaken national security!



The problem we wish to solve is: we want to make a computing environment in which even naive users can visit evil websites, open arbitrary email attachments or run unknown executables pretty much without fear of consequences.



To solve this problem, I propose that every time you use a computer you use a brand new one, and once you are done with your particular task you destroy that machine by, say, grinding it into a fine powder and burying that in your garden. Clearly, if you do this you don't need to worry about your privacy being compromised — the computer doesn't know anything about you. And you don't have to worry about the computer harboring nasty software either — it is going to be destroyed in a few minutes.



Perceptive computer-science types will likely note that this doesn't address all uses of computers or all the security problems. Some computer tasks that have side effects (say, write files) are not supported, and some consequences of attacks (such as zombies, see the national security issue mentioned above) are not mitigated.



Readers with a background in economics may suggest that this solution would require converting the global industrial base entirely to the production of computer systems. Our ecologically-minded colleagues will object to large quantities of toxic powder that would be created if this proposal was widely followed.



We will address these objections in our next posting.

Saturday, June 5

Three (possibly un-) Original Ideas

I constantly have ideas about technical sort-of things, often outside of the areas of my training and experience. They may be original and practical. More likely, since I haven't: a) searched the literature or b) built a prototype — they are neither.



Nonetheless, remind me to tell you about:


  1. Model-based Noise Suppression

  2. Provably Valid Physical Documents

  3. Safe Computing with Ephemeral VM Environments



Admittedly, the last two ideas are in a field I know something about. But I haven't done the search or even a strawman design for any of these. Still, I might as well write them down someday.

Friday, June 4

Quotable

As you get older, you need to make more of an effort to appear wise to substitute for failing powers of memory, concentration, etc. Hence my reliance on pithy quotes.


I often (deliberately) misquote JFK, who said:

Happiness is the full use of your powers along lines of excellence.

I modify it to get to the spirit of what I think he meant by substituting "along lines of excellence" with "towards noble ends". To misquote someone else, excellence in the pursuit of vice is no virtue.


I have an opportunity to trot this phrase out about twice a year, usually without attributing it unless asked. Another secret revealed.



Thursday, June 3

Comparative Disadvantage

I realized today why I usually expect to be taken advantage-of in a professional situation. Of course, I only realized it when I was explaining it to someone else — in this case, my sister Sandy. She was applying for a mortgage and had invited me along for a visit to the prospective loan officer. He was, of course, bumptious, self-satisfied, smug and patronising.



He had every right to be. How much do I (or my sister) know about home loans? Very little compared to him. He handles many mortgages per day; I deal with less than two per decade. He can claim, and did, that his choice of loan parameters was in our best interest and that it would take too much time to explain the rationale for each of them.



My doctor. My mechanic. Plumber. Real estate agent. Accountant. Car dealer. Wine steward. Travel agent. Banker. Recruiter. Gardener. Senator. Personal trainer. Waiter, librarian, janitor? I have to just trust them, but I don't have to like it.



Quid custodit ipsos custodes?